Hacker News new | ask | show | jobs
by adwn 1944 days ago
That's the wrong question to ask. The right questions are:

1) Are there any real examples of software exploits that could have been fixed by programming language features?

2) Is there an incentive to exploit software bugs in a payment system?

To which the answers are 1) almost too many to count, and 2) yes, definitely.
1 comments
dbrgn 1944 days ago
Here's a recent USENIX talk on the topic of memory unsafety and the choice of programming languages: https://www.usenix.org/conference/enigma2021/presentation/ga...

Slides can be downloaded. I hope the talk recording will be available as well.

link
otabdeveloper4 1943 days ago
> memory unsafety

Memory unsafety is just one class of safety bugs, and a relatively unimportant one.

As far as payment processors go, I'd be much more worried about concurrency bugs.

link
adwn 1943 days ago
> Memory unsafety is just one class of safety bugs, and a relatively unimportant one.

Wrong. Memory unsafety, in its various forms, is the primary source of exploits in software written in C.

> I'd be much more worried about concurrency bugs

Another thing which is hard to do in C, and so much easier in some more modern programming languages (particularly in Rust).

link